jedi-academy/codemp/client
Jonathan Gray 8550620849 CVE-2006-3325 arbitrary cvar overwrite
CVE-2006-3325
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus
Quake 3 Engine (ioquake3) revision 810 and earlier allows remote
malicious servers to overwrite arbitrary write-protected cvars
variables on the client, such as cl_allowdownload for Automatic
Downloading and fs_homepath for the quake3 path, via a string of cvar
names and values sent from the server. NOTE: this can be combined with
another vulnerability to overwrite arbitrary files.

Luigi Auriemma q3cfilevar

from Thilo Schulz in ioquake3
svn 811 git 7d51d75b05a9593508040162709043516c0f2a17

- Fix arbitrary cvar overwrite flaw: http://aluigi.altervista.org/adv.htm
2013-05-07 22:18:55 +10:00
eax ditch dos style newlines 2013-04-23 15:21:39 +10:00
OpenAL ditch dos style newlines 2013-04-23 15:21:39 +10:00
0_SH_Leak.cpp fix slashes in include paths 2013-04-23 15:40:23 +10:00
BinkVideo.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
BinkVideo.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
cl_cgame.cpp fix #includes to compile on non windows without pch 2013-04-25 23:51:46 +10:00
cl_cin.cpp add some casts so gcc can pick an overloaded abs/max/min func 2013-04-25 23:51:53 +10:00
cl_cin_console.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cl_console.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cl_input.cpp add some casts so gcc can pick an overloaded abs/max/min func 2013-04-25 23:51:53 +10:00
cl_keys.cpp const fixes 2013-05-02 13:47:51 +10:00
cl_main.cpp vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
cl_net_chan.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cl_parse.cpp CVE-2006-3325 arbitrary cvar overwrite 2013-05-07 22:18:55 +10:00
cl_scrn.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
cl_ui.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
client.h const fixes 2013-05-02 13:47:51 +10:00
fffx.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
FXExport.cpp fix #includes to compile on non windows without pch 2013-04-25 23:51:46 +10:00
FXExport.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
FxPrimitives.cpp provide a gcc style alternative to the inline asm in FxPrimitives 2013-04-25 23:51:53 +10:00
FxPrimitives.h avoid extra qualification of function members 2013-04-26 22:27:24 +10:00
FxScheduler.cpp CVE-2006-2236 Buffer overflow in the Quake 3 Engine 2013-05-07 22:18:45 +10:00
FxScheduler.h stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
FxSystem.cpp vsprintf -> Q_vsnprintf 2013-05-07 22:18:45 +10:00
FxSystem.h avoid extra qualification of function members 2013-04-26 22:27:24 +10:00
FxTemplate.cpp stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
FxUtil.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
FxUtil.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
keycodes.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
keys.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
snd_ambient.cpp stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
snd_ambient.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
snd_dma.cpp CVE-2006-2236 Buffer overflow in the Quake 3 Engine 2013-05-07 22:18:45 +10:00
snd_dma_console.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
snd_local.h fix #includes to compile on non windows without pch 2013-04-25 23:51:46 +10:00
snd_local_console.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
snd_mem.cpp strnicmp -> Q_strnicmp 2013-04-25 23:51:56 +10:00
snd_mem_console.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
snd_mix.cpp opt out of more masm assembly 2013-04-25 23:51:56 +10:00
snd_mp3.cpp ditch dos style newlines 2013-04-23 15:21:39 +10:00
snd_mp3.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
snd_music.cpp stricmp -> Q_stricmp 2013-04-25 23:51:55 +10:00
snd_music.h ditch dos style newlines 2013-04-23 15:21:39 +10:00
snd_public.h ditch dos style newlines 2013-04-23 15:21:39 +10:00